Governance, Risk and Compliance Advisory

More about our GRC-A Services Team and the guidance that our experts provide.

who we are - xx

Lodestone’s Governance, Risk and Compliance Advisory services team delivers cumulative decades of experience in security consulting to give you the advantage when pursuing or maintaining key certifications such as Health Information Portability and Accessibility Act (HIPAA) requirements, Protected Health Information (PHI) requirements, or those set by the Payment Card Industry Security Standards Council (PCI-SSC). Our experts offer everything you need to be proactive about your security in a world where cyberattacks are more common – and devastating – than ever. This includes customized assessments and professional guidance to identify your attack surface, strengthen your security policies, test your readiness, and provide training to your personnel to create layers of defense that protect your business and its critical resources long before a threat actor targets you.

GAP ANALYSIS

+

For companies working to achieve risk reduction to become eligible for insurance coverage, Lodestone professionals are prepared to help set you up for success. We perform a gap analysis of your organization based on security controls specified in the Beazley Ransomware Supplemental Application and Beazley Breach Response Questionnaire. Through interviews of subject matter experts and the review of documentation, technologies, and processes across your environment, we gain a complete perspective of your company and share our knowledge of insurance requirement compliance with you. Any areas where required controls are missing or could be enhanced are delivered to you in a detailed report that can be used to remediate any current deficiencies or demonstrate adherence to insurance requirements.

Gap Analysis

TABLETOP EXERCISES

+

Lodestone’s tabletop exercises combine realistic threat scenarios with our years of experience to test the strength of your company’s incident response plan. We partner with your key stakeholders to identify the exercises that best address the unique challenges your company might face in the wild. We examine your organization’s security infrastructure, including your staff’s ability to execute the incident response plan in place.

The engagement concludes with the presentation of a detailed report that details your company’s strengths and weaknesses, along with recommendations to improve your readiness for a real-world event.

Tabletop Exercises

SECURITY POLICY REVIEW AND DEVELOPMENT

+

A strong security posture begins with strong foundations. Whether your company already has a mature set of security policies and procedures in place or is just getting started, we review your existing documentation, interview relevant stakeholders, and determine what changes can be made to enhance organizational governance.

Our experts support you throughout this process with a combination of bolstering existing documentation and creating new material from the ground up. Our experts will provide you with a robust portfolio of security policies and procedures and guidance on what changes we have recommended and why.

Security Policy Review and Development

COMPLIANCE AND FRAMEWORK CONSULTING

+

Our compliance experts will guide you on your journey towards meeting major compliance objectives as specified in frameworks and standards such as Payment Card Industry Data Security Standard (PCI-DSS), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST 171, NIST 800-53, and International Organization for Standardization (ISO) 27001.

We will identify areas for improvement in your existing setup and provide you with detailed recommendations on how to achieve your desired certifications and standardization goals.

Compliance and Framework Consulting

CUSTOMIZED RISK ASSESSMENT

+

Lodestone’s experts perform qualitative and compliance-focused risk assessments based on your choice of industry-specific standards such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Information Portability and Accountability Act (HIPAA), or the Gramm-Leach-Bliley Act (GLBA), or broader guidelines such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) or Center for Internet Security (CIS) 18 Critical Security Controls (CSCs).

We get to know you, interviewing subject matter experts, reviewing documentation, and gaining a thorough understanding of your environment to identify your company’s unique strengths and weaknesses. From there, we help you develop a roadmap for reaching any of your compliance goals and addressing cyber risks within your company before a security incident comes knocking.

Customized Risk Assessment

ATTACK SURFACE MAPPING

+

Remote network testing can provide your company with critical insight into vulnerabilities that are exposed to potential threat actors.

Lodestone’s experts will work with you to map out what parts of your organization may be most vulnerable and evaluate them at a single point in time via passive monitoring. After completing these assessments and validating results to reduce false positives, we provide a detailed report on our findings to give your company actionable intelligence on areas of your environment that are most exposed to would-be attackers.

VIRTUAL CISO

+

Is your company ready to step into the future with powerful cyber-security initiatives? Lodestone’s virtual Chief Information Security Officer (CISO) service equips you with a direct line to a security expert who can remotely answer all your security questions.

Our virtual CISO will show you the optimal steps towards creating a security foundation that protects the keys to your kingdom and helps you retain the trust of your customers.

Virtual CISO

SECURITY AWARENESS TRAINING

+

The “human factor” is one of companies’ least addressed yet greatest security risks. We empower your employees to identify and report suspicious activity in your environment and integrate best practices into their everyday work with minimal disruption.

Our training can be provided in person, in a recorded format, or both, and we tailor our content to cover all of the security topics that best suit your company’s interests and needs.

Security Awareness Training

Connect With Us

320 East Main Street
Lewisville, TX 75057

203.307.4984

Name

Subject

Message